Mac Malware Can Easily Spy On Your Skype Calls, Warns Ex-NSA Hacker

Hackers can take advantage of Apple Macs' features to spy on webcam sessions. (Photo by Andrew Burton/Getty Images)

Patrick Wardle, an ex-NSA hacker with a penchant for finding novel Apple Mac hacks, has proposed a new way snoops might spy on people via their webcams.

As Macs make their camera sharable to multiple apps at the same time for perfectly legitimate reasons, it's possible to create a malicious app that asks to use the webcam. Unlike with current Mac malware strains - like Eleanor and Crisis - the app wouldn't just start using the camera, as the LED light would turn on and alert the user. Instead, Wardle's malware would wait until another app - like Skype or Google Hangouts - ran so the spyware could piggyback on the process and start recording the victim.

No known malware does this, even if it's a simple feature to add, said Wardle. "It’s conceivable that there is malware out there already that is doing this," Wardle, who now heads the research department at Synack, told FORBES.

When Mac users are using their webcams they are usually discussing interesting or sensitive things. And this is what the malware would likely want to record anyways," Wardle noted. "If you infected my Mac and recorded me all the time, you’d see me sitting at my desk, picking my nose, petting my dog, and occasionally swearing at my computer. However, when I jump on a Google Hangout to discuss a new zero-day vulnerability with a vendor - that's when things get interesting."

With that in mind, Wardle has created a basic tool, OverSight, to alert Mac owners whenever a program is asking for permission to access the camera. The user can then reject or allow access. It also keeps logs of what permissions were granted, useful for businesses who want to check when employees allowed recordings when they shouldn't have.

Other basic protections, like downloading the latest Mac OS X software and avoiding installing apps from suspicious websites, will help prevent malware getting on the computer in the first place.

Another Apple privacy problem

Earlier this week, another security problem emerged for Apple when a developer found iMessage on iOS 10 and MacOS Sierra 10.12 would expose potentially-sensitive information, including IP address and OS version, when a link was posted in a chat. "It's reasonable to believe that there is potential that an exploit found in Safari could be triggered without the target even browsing to the site, simply by sending them an iMessage containing that URL," wrote Ross McKillop.

Apple had not responded to a request for comment on that issue at the time of publication. It is, however, planning to update iOS 10 to stop using weak iTunes backup passwords, which it had inexplicably chosen to make less secure.